Best Practices

Best Practices for IPS Sensor that are discussed in Chapter 14, "Troubleshooting Cisco Intrusion Prevention System," also apply for NM-CIDS. In addition to that, here are some recommendations to keep in mind when you are implementing NM-CIDS:

  • You must have the CEF switching turned on the IOS router.

  • You must not configure NM-CIDS and integrated IDS/IPS feature on the IOS router.

  • Do not configure traffic monitoring on the interfaces that are not required. Remember that the monitoring is applied in inbound and outbound directions.

  • Be sure that the NM-CIDS interface is configured with an IP address that is not routable. It is also recommended to configure a loopback and apply that as an unassigned interface under the NM-CIDS interface.

  • For Blocking, you must have a route for Command and Control (C & C) interface to the managed devices (Router, PIX, and so on).

  • Baseline CPU and memory utilization before and after turning on NM-CIDS.

  • Block unnecessary traffic using an ACL on the interface of the router, instead of relying on the NM-CIDS to save CPU cycles and memory utilization of the router.

  • Implement AAA on the router so that NM-CIDS access can be limited for certain users using authorization configuration.

Cisco Network Security Troubleshooting Handbook
Cisco Network Security Troubleshooting Handbook
ISBN: 1587051893
EAN: 2147483647
Year: 2006
Pages: 190
Authors: Mynul Hoda

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: